FREE SE Monitoring & Incident Response Questions and Answers

Question 1

Which of the following is the primary function of a Security Information and Event Management (SIEM) system?

Accepted Answer

Collecting and correlating log data from various sources to detect security threats

Answer

Encrypting sensitive data

Answer

Managing network traffic

Answer

Running vulnerability scans on systems

Question 2

Which of the following steps is typically the first in an incident response process?

Accepted Answer

Identification

Answer

Containment

Answer

Eradication

Answer

Recovery

Question 3

What is the purpose of continuous security monitoring?

Accepted Answer

To detect, investigate, and respond to security threats in real-time

Answer

To regularly update all software and applications

Answer

To ensure compliance with data privacy regulations

Answer

To automate the backup of critical data

Question 4

Which action is part of the "containment" phase in incident response?

Accepted Answer

Disconnecting affected systems from the network

Answer

Analyzing log data to identify the cause of the incident

Answer

Reporting the incident to regulatory authorities

Answer

Restoring affected systems from backups

Question 5

Which of the following is an example of a post-incident activity?

Accepted Answer

Conducting a post-incident review to learn lessons

Answer

Eradicating malware from infected systems

Answer

Updating firewall rules during the attack

Answer

Monitoring network traffic to detect the ongoing attack